Implementing and Configuring Cisco Identity Services Engine (SISE) — Question 111

An administrator must block access to BYOD endpoints that were onboarded without a certificate and have been reported as stolen in the Cisco ISE My Devices Portal. Which condition must be used when configuring an authorization policy that sets DenyAccess permission?

Answer options

• A. Endpoint Identity Group is Blocklist, and the BYOD state is Registered.
• B. Endpoint Identify Group is Blocklist, and the BYOD state is Pending.
• C. Endpoint Identity Group is Blocklist, and the BYOD state is Lost.
• D. Endpoint Identity Group is Blocklist, and the BYOD state is Reinstate.

Correct answer: A

Explanation

The correct answer is A because it specifies that the endpoint is in the Blocklist category and has a Registered state, which indicates it should be denied access. The other options either reference incorrect BYOD states or mislabel the Endpoint Identity Group, failing to meet the criteria for blocking access to stolen endpoints.